Compare Check Point Virtual Systems vs. Cisco Firepower NGFW

Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Check Point Virtual Systems vs. Cisco Firepower NGFW and other solutions. Updated: July 2020.
431,670 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Unfortunately in Cisco, only the hardware was good.The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks.On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning.They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.

More Cisco ASA NGFW Pros »

The most valuable feature for us is the cluster support.As per the solution's blade design, there are many options. For example, you have to buy a UTM blade and an advanced malware blade, etc. If the blade license is there, we can configure from the firewall GUI.A unique architecture makes this product stand out from other solutions.The IPS, application and URL filtering, as well as Identity Awareness, are all very valuable features.We find Check Point valuable because they are 100% focused on security. It totally closes the potential vulnerability channel. We can check our mail and our attachments and we can scan everything easily. We get an immediate report about the situation of the attachments. We can discover if the target's security attack was started from phishing, etc. We also enjoy using the additional features that protect our internal customer from targeted attacks.The program is very stable.The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM.It's a high-performance device. The network performance is also really good. We check how much time it takes for the servers. Our network performance has increased since using this solution.

More Check Point Virtual Systems Pros »

Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses.The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful.We can easily track unauthorized users and see where traffic is going.The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites

More Cisco Firepower NGFW Pros »

Cons
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection.If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges.Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough.Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.It is expensive.We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.

More Cisco ASA NGFW Cons »

Our biggest complaint concerns the high resource usage for IDP/IPS, as we cannot turn on all of the features even with new hardware.If you compare the GUI with the Palo Alto and Forcepoint in the Cisco, they're very easy. Check Point, due to its design, is a little bit complex. They should make the GUI easy to use so that anyone can understand it easily, like Fortinet's GUI. Many companies end up using Fortinet because the GUI is very easy, and there's no need for training. They just deploy the box and do the configuration.It can be difficult to install properly without prior trainingSometimes, if you aren't familiar with the solution, it can be a bit complex, but it does become easier to use with time. However, every time they launch a new version, it becomes more complex and you need to take time to get familiar with all the changes. For every version that they upgrade, you need to upskill yourself.The stability of the solution could be improved, but this is the problem of all the solutions in the market. This isn't just a problem specific to Check Point.It is a very expensive program and there are additional costs despite the standard licensing fees.The management console can be simplified because at the moment, it is a bit of a challenge to use.The initial setup is difficult. It took me three tries to get it right. The setup took two or three hours.

More Check Point Virtual Systems Cons »

The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box.The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution.The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it.We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful.The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes.

More Cisco Firepower NGFW Cons »

Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active.It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up.Cisco is expensive, but you do get benefits for the price.In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.

More Cisco ASA NGFW Pricing and Cost Advice »

We pay approximately ‎€150,000 ($166,000 USD) per year.It is more expensive than other solutions and would be more competetive in the market if it came down in price.On average, it is normally on the lower end, being less expensive than Palo Alto or Cisco.

More Check Point Virtual Systems Pricing and Cost Advice »

Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.There are additional implementation and validation costs.We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high.Cisco's pricing is high, at times, for what they provide.Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...The price of this solution is not good or bad.

More Cisco Firepower NGFW Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
431,670 professionals have used our research since 2012.
Popular Comparisons
Compared 36% of the time.
Compared 9% of the time.
Compared 6% of the time.
Compared 1% of the time.
Compared 9% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire FirewallsCheck Point VSXCisco Firepower Next-Generation Firewall, FirePOWER
Learn
Cisco
Check Point
Cisco
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

Check Point Virtual Systems taps the power of virtualization to consolidate and simplify security for private clouds while delivering a lower total cost of ownership. It enables customized security against evolving network threats with the extensible Software Blade Architecture. Virtual Systems is supported on Check Point Appliances, including the 61000 Security System as well as open servers.

Learn more about Virtual systems

The Cisco Firepower Next Generation Firewall (NGFW) prevents breaches, and can quickly detect and mitigate stealthy attacks using deep visibility and the most advanced security capabilities of any firewall available today - all while maintaining optimal network performance and uptime. With Cisco NGFW you can automate operations to save time, reduce complexity, and work smarter.

Offer
Learn more about Cisco ASA NGFW
Learn more about Check Point Virtual Systems
Learn more about Cisco Firepower NGFW
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Bentley Systems, Almaviva TSF S.p.A, Yankuang Group, Mitsubishi Heavy Industries Ltd.Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Top Industries
REVIEWERS
Financial Services Firm20%
Manufacturing Company10%
Comms Service Provider9%
University8%
VISITORS READING REVIEWS
Computer Software Company29%
Comms Service Provider21%
Media Company7%
Government5%
REVIEWERS
Financial Services Firm29%
Government29%
Healthcare Company14%
Non Profit14%
VISITORS READING REVIEWS
Computer Software Company40%
Comms Service Provider20%
Media Company6%
Government4%
REVIEWERS
Financial Services Firm36%
Comms Service Provider21%
Manufacturing Company14%
Transportation Company14%
VISITORS READING REVIEWS
Computer Software Company28%
Comms Service Provider27%
Government6%
Media Company4%
Find out what your peers are saying about Check Point Virtual Systems vs. Cisco Firepower NGFW and other solutions. Updated: July 2020.
431,670 professionals have used our research since 2012.
Check Point Virtual Systems is ranked 22nd in Firewalls with 9 reviews while Cisco Firepower NGFW is ranked 4th in Firewalls with 21 reviews. Check Point Virtual Systems is rated 8.2, while Cisco Firepower NGFW is rated 8.0. The top reviewer of Check Point Virtual Systems writes "Reliable solution with a unique architecture that creates flexibility in the deployment ". On the other hand, the top reviewer of Cisco Firepower NGFW writes "Enables analysis, diagnosis, and deployment of fixes quickly, but the system missed a SIP attack". Check Point Virtual Systems is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, pfSense, Sophos XG and Palo Alto Networks NG Firewalls, whereas Cisco Firepower NGFW is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX , Azure Firewall and Palo Alto Networks NG Firewalls. See our Check Point Virtual Systems vs. Cisco Firepower NGFW report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.